Privacy Notice for Research Participants

Introduction

From 25 May 2018 the General Data Protection Regulation (GDPR) will replace the Data Protection Act and govern the way that organisations use personal data. Personal data is information relating to an identifiable living individual.

The University undertakes research as part of its function for the community under its legal status. Data Protection laws allow us to use personal data for research with appropriate safeguards in place under the legal basis of public tasks that are in the public interest.

We will always tell you about the information we wish to collect from you and how we will use it. We will seek your consent for the collection and use of your data in specific research projects. For children, young people and other vulnerable groups the research ethics committee will agree an appropriate consent procedure to ensure participant rights are protected. Full details will be given to you in an information sheet.

Research in the University is governed by policies and procedures and all research undergoes ethical scrutiny to ensure that it is conducted in such a way as to protect your interests and is of a high standard. For more information please see here.

Where the University processes sensitive personal data/special categories of personal data, we do so because the processing is necessary for scientific or historical research purposes (Article 9 (j)) of the GDPR.

All research projects are different and the information we collect will vary. However, researchers will only collect information that is essential for the purpose of the research. Research data is normally anonymised as quickly as possible after data collection so that individuals cannot be recognised and your privacy is protected. You will not be able to withdraw your data after this point. Some data e.g. survey data is frequently collected anonymously so cannot be withdrawn once you have given permission for it to be used. Where you may be identifiable in a research publication (e.g. an attributable quote or a photograph), we will seek your explicit consent.

To communicate our research to the public and the academic community your anonymised data is likely to form part of a research publication or conference presentation or public talk. Where researchers wish to use any information that would identify you, specific consent will be sought.

The privacy of your personal data is paramount and will not be disclosed unless there is a justified purpose for doing so. The University NEVER sells personal data to third parties.

Your data may be shared with:

Immediate project team who are authorised to work on the project and access the information. This may include staff at Sheffield Hallam University or collaborators at other organisations authorised to work on the project. This will be clearly identified in your information sheet.

Where a student is undertaking the research the data will be shared with their supervisors

Our research may be audited and access to the data may be required. The University puts in place safeguards to ensure that audits are conducted in a secure and confidential manner.

In the case of complaints about a research project the Head of Research Ethics may require access to the data as part of our Research Misconduct Procedure.

The University takes a robust approach to protecting the information it holds with dedicated storage areas for research data with controlled access. If you are participating in a particularly sensitive project the University puts into place additional layers of security. The University has Cyber Essentials certification.

Alongside these technical measures there are comprehensive and effective policies and processes in place to ensure that users and administrators of University information are aware of their obligations and responsibilities for the data they have access to. By default, people are only granted access to the information they require to perform their duties. Training is provided to new staff joining the University and existing staff have training and expert advice available if needed.

Your information will not be kept for longer than is necessary and is usually kept in an anonymised format. The length of time for which we keep your data will depend on a number of factors including the importance of the data, the funding requirements, the nature of the study, and the requirements of the publisher. Details will be given in the information sheet for each project.

After anonymisation your data may be stored in the University research data archive where it may be accessed by other researchers with permission from the University.

One of the aims of the General Data Protection Regulation (GDPR) is to empower individuals and give them control over their personal data.

The GDPR gives you the following rights:

The right to be informed

The right of access

The right to rectification

The right to erase

The right to restrict processing

The right to data portability

The right to object

Rights in relation to automated decision making and profiling

Please note that many of these rights do not apply when the data is being used for research purposes, but we will always try to respond to concerns or queries that you may have. For more information about these rights please see here.

Please see more information about how the University uses personal data here.

The Information Commissioner is the regulator for GDPR and you have the right to raise concerns with the Commissioner. The Information Commissioner's Office (ICO) has a website with information and guidance for members of the public:https://ico.org.uk/for-the-public/

The Information Commissioner's Office operates a telephone helpline, live chat facility and email enquiry service. You can also report concerns online. For more information please see the Contact Us page of their website:https://ico.org.uk/global/contact-us/